I have an editorial in the current issue of Communications of the Association of Computing Machinery, a scholarly journal for computer scientists, in which I describe the way that laws that protect digital locks (like America’s DMCA) compromise the fundamentals of computer security.
At the Electronic Frontier Foundation, we’re anxious to talk with computer scientists whose research is impeded by DMCA and laws like it, and to discuss how they can improve their odds of coming out on top in legal challenges. It’s part of the Apollo 1201 project to kill all the world’s DRM within a decade.
DMCA 1201 is turning all of IoT into a playground for malware, where reporting vulnerabilities and releasing third-party improvements to systems are chilled by a law that was stupid in 1998 and is deadly in 2015.
Malware is always frightening, but it is much worse on systems already designed to treat their owners as adversaries. Infections on devices that take pains to hide their processes and files from their owners are much more difficult to detect and root out. Those devices are supposed to run programs that user-space apps cannot see or terminate, so malware that avails itself of this privilege becomes nearly bulletproof.
The Electronic Frontier Foundation’s new Apollo 1201 project aims to reform DMCA 1201, and all of the laws like it around the world, within a decade. We want to litigate the constitutionality of 1201, representing scholars, researchers and academics, these being the kind of unimpeachable clients judges are loath to find against.
We know from our own off-the-record conversations with academics and researchers that they quietly violate 1201 in their work all the time, and that there are plenty of legitimate projects that never launch for fear of violating the law. If you do this sort of work, the Electronic Frontier Foundation would like to discuss it with you. If you know someone who does this kind of work, encourage that person to get in touch with the Electronic Frontier Foundation.
The model of fixing social problems by locking users out of their own devices is an invitation to even worse security policies. When FBI Director James Comey and U.K. Prime Minister David Cameron call for backdoors in our crypto, they are necessarily implying a means of ensuring you cannot install code of your choosing on your devices, lest you choose to install working crypto.
I Can’t Let You Do That, Dave
[Communications of the ACM]